The recent crisis has accelerated the trend that remote work becomes more the rule than the exception, but the new normality highlights the limitations of the traditional VPN (Virtual Private Network) highlighting the necessity of a new approach to security,

Virtual private network is the technology chosen by many companies to give remote access to business resources, but once users are logged in, the VPN gives them free access to all business resources without any restrictions.

In current conditions, many VPN gateways struggle to support the load increase introduced by the growing number of users working from home.

Having to channel all traffic through the company data center introduces latency and impacts the quality of services, especially those important such as video conference, for which performance and user experience are essential. Some mechanisms that aim to prevent this from happening often end up making the VPN even more complex and costly to manage.

According to David Cenciotti, Lead Sales Engineer Cloud Networking of Citrix Systems Italy, the traditional approach of VPN use has always been problematic, but today it is even more dangerous.

The cyber attack surface hitting is wider in this period: when attackers manage to take over a user’s credentials or access an unsafe device, a traditional VPN will allow them to wander within the corporate network. Once ntrati they can dedicate themselves to searching for sensitive information and to covering their tracks by installing additional tools that allow them to repeat the accesses.

It is therefore essential to adopt a better solution, which already exists and is based on the zero trust model.

Zero trust, i.e. always check

The zero trust model is based on a very simple principle: Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â

No user or device is considered safe regardless of the scenario in which they access resources from within the corporate network.

For this reason, the first step is to know users, ideally applying multiple factor authentication methods with hardware tokens or soft tokens generated by apps.

The devices that connect to the network are inspected, for example by assessing the critical level of the information required or the level of update of the operating system and at the same time, the business data is protected by limiting access to the resources that users need to do their job.

Today’s zero-trust solutions use machine learning to constantly monitor end-users and endpoints activities and compare them to behavioral models to determine compliance with business policies.

This allows security personnel to quickly detect suspicious activities, detecting compromised accounts or internal threats that hide in the background noise of daily activities.

Through the Entering of Alerts at the time of detection of a suspicious activity, the zero trust model allows a ready and highly targeted reaction that significantly speeds up the response to accidents and shortens the time available for those who attack to circulate within the network.

According to Cenciotti, this approach, after years when cyber criminals have improved their tools and tactics while the response of companies has always been rather slow, allows companies to stay up to date with security regardless of where users are and from which device

IT environments based on a zero trust approach are not limited to ensuring that companies do not leave the keys to the first unknown who rings the bell.They will ask rather the same or any other visitor for a company badge and identification document. They’ll close all the doors except the designated room and know exactly where the tech is and what he’s doing.

In this way, at the moment when his behaviour is unusual, it will be possible to inform IT immediately.

Thus companies will always be able to keep an eye on users and devices, improving the identification of any problems and narrowing the window of possible attacks. At the same time, employees will be able to access their business resources safely, wherever they are and using any device.

Leave a Reply

Your email address will not be published.

You May Also Like